[
https://issues.apache.org/jira/browse/PHOENIX-3126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15404612#comment-15404612
]
Josh Elser commented on PHOENIX-3126:
-------------------------------------
One thing I just noticed is that {{User.getCurrent()}} has the potential to
return {{null}} which would cause an NPE in the equals() method. I'm not sure
if that can actually happen looking at the calling code, though.
{noformat}
@@ -415,6 +424,7 @@ public abstract class PhoenixEmbeddedDriver implements
Driver, SQLCloseable {
if (obj == null) return false;
if (getClass() != obj.getClass()) return false;
ConnectionInfo other = (ConnectionInfo) obj;
+ if (!other.user.equals(user)) return false;
if (zookeeperQuorum == null) {
if (other.zookeeperQuorum != null) return false;
} else if (!zookeeperQuorum.equals(other.zookeeperQuorum)) return
false;
{noformat}
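Review bot: the added line {{if (!other.user.equals(user)) return false;}} dereferences {{other.user}} with no null check, while the {{zookeeperQuorum}} comparison directly below it handles null on both sides. Using {{Objects.equals(other.user, user)}} here would make the two field comparisons consistent. Because {{equals()}} now depends on {{user}}, it is also worth confirming that {{hashCode()}}, which is not visible in this hunk, takes {{user}} into account.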
We can easily switch that to {{Objects.equals(other.user, user)}} to work
around any worry. Since it's late for [[email protected]], I can make that
change and commit this too.
> The driver implementation should take into account the context of the user
> --------------------------------------------------------------------------
>
> Key: PHOENIX-3126
> URL: https://issues.apache.org/jira/browse/PHOENIX-3126
> Project: Phoenix
> Issue Type: Bug
> Reporter: Devaraj Das
> Fix For: 4.8.0
>
> Attachments: PHOENIX-3126.txt, aaaa.java
>
>
> Ran into this issue ...
> We have an application that proxies various users internally and fires
> queries for those users. The Phoenix driver implementation caches connections
> it successfully creates and keys it by the ConnectionInfo. The ConnectionInfo
> doesn't take into consideration the "user". So random users (including those
> that aren't supposed to access) can access the tables in this sort of a setup.
> The fix is to also consider the User in the ConnectionInfo.
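The cache-key problem in the quoted report and the null-safe comparison proposed in the comment, as an added Java example (not Phoenix code and not taken from the patch). `Key`, `connectionFor`, the `includeUser` switch and the sample values are hypothetical stand-ins; the connection is modelled as a string naming the principal it was opened for.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

public class UserScopedCacheDemo {
    // Hypothetical cache key; a stand-in, not Phoenix's ConnectionInfo.
    static final class Key {
        final String quorum;        // cluster address
        final String user;          // calling principal, may be null
        final boolean includeUser;  // false models a key that ignores the user

        Key(String quorum, String user, boolean includeUser) {
            this.quorum = quorum;
            this.user = user;
            this.includeUser = includeUser;
        }

        @Override public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof Key)) return false;
            Key k = (Key) o;
            if (!Objects.equals(quorum, k.quorum)) return false;
            // Objects.equals is null-safe, unlike k.user.equals(user).
            return !includeUser || Objects.equals(user, k.user);
        }

        @Override public int hashCode() {
            // Keep hashCode aligned with the fields equals() compares.
            return includeUser ? Objects.hash(quorum, user) : Objects.hash(quorum);
        }
    }

    // Returns the cached "connection", labelled with the principal it was opened for.
    static String connectionFor(Map<Key, String> cache, Key key) {
        return cache.computeIfAbsent(key, k -> "opened-as:" + k.user);
    }

    public static void main(String[] args) {
        for (boolean includeUser : new boolean[] {false, true}) {
            Map<Key, String> cache = new ConcurrentHashMap<>();
            // Constructed sample principals sharing one cluster address.
            String a = connectionFor(cache, new Key("zk1:2181", "alice", includeUser));
            String b = connectionFor(cache, new Key("zk1:2181", "bob", includeUser));
            String n = connectionFor(cache, new Key("zk1:2181", null, includeUser));
            System.out.printf("includeUser=%b alice->%s bob->%s null->%s%n",
                    includeUser, a, b, n);
        }
    }
}
```

With `includeUser=false` every caller is handed the connection opened for the first principal; with `includeUser=true` each principal, including a null one, gets its own entry.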